SECURITY: minor updates

- we allow the security push up to 48 hours before the release

- add a mention about possible pre-notifications

- lower case the 'curl-security' title